We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on Vesta 2.0 and expect to release it by the end of 2024. Read more about it: https://vestacp.com/docs/vesta-2-development
HOW TO: RSPAMD integration
Re: HOW TO: RSPAMD integration
Thanks! It took me a while to train it to block all spam but now it blocks all incoming emails
Re: HOW TO: RSPAMD integration
Thought I'd give this a go on a non-critical server. I'm on Ubuntu 18, rather than Centos, but the idea is the same. Followed your config, making adjustments for platform, and rspamd, redis and exim are all running happily. The only trouble is that rspamd doesn't seem to be chewing on any emails. I can send and receive as normal, but the web stats interface of rspamd shows zero mails passing through. I added a test spam to the web interface, and that registered, but its the only mail I can see.
Nothing in particular in the exim or rspamd logs that gives me a clue. Has anyone else been through this on Ubuntu?
Spam assassin is happily disabled. I can roll back the config pretty easily, but I'm going to leave it going for a day to see if anything suggests itself.
Nothing in particular in the exim or rspamd logs that gives me a clue. Has anyone else been through this on Ubuntu?
Spam assassin is happily disabled. I can roll back the config pretty easily, but I'm going to leave it going for a day to see if anything suggests itself.
Re: HOW TO: RSPAMD integration
Replaced original email, as it might have been confusing. OK, so on Ubuntu, there is one key change to the original poster's config. In the check_rcpt section, you set a variable acl_m1 depending on whether a file exists for that domain:
Its crucial to note that for Ubuntu, the path is /etc/exim4 rather than /etc/exim which the Centos example used.!
Once you have that set, the conditions for scanning the mail work fine, specifically this one which has now been correctly set:
condition = ${if eq{$acl_m1}{yes}{yes}{no}}
I've been tweaking the exim config. Currently it looks like this:
Code: Select all
.ifdef RSPAMD
warn set acl_m1 = no
warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}}
set acl_m1 = yes
.endif
Once you have that set, the conditions for scanning the mail work fine, specifically this one which has now been correctly set:
condition = ${if eq{$acl_m1}{yes}{yes}{no}}
I've been tweaking the exim config. Currently it looks like this:
Code: Select all
.ifdef RSPAMD
accept hosts = +relay_from_hosts
accept condition = ${if eq{$interface_port}{587}}
accept authenticated = *
# If message size is less than 500k and the domain has antispam enabled, scan the message with rspamd
# This will set variables as follows: $spam_action, $spam_score, $spam_score_int (spam score x10), $spam_report, $spam_bar
# So we add these as headers, first removing any existing ones
warn condition = ${if < {$message_size}{500K}}
condition = ${if eq{$acl_m1}{yes}{yes}{no}}
spam = nobody:true
remove_header = x-spam-bar : x-spam-score : x-spam-report : x-spam-status
add_header = X-Spam-Score: $spam_score_int
add_header = X-Spam-Report: $spam_report
add_header = X-Spam-Action: $spam_action
set acl_m2 = $spam_score_int
# add x-spam-bar header if score is positive
warn condition = ${if >{$spam_score_int}{0}}
add_header = X-Spam-Bar: $spam_bar
# use greylisting if action is soft reject
defer message = Please try again later
condition = ${if eq{$spam_action}{soft reject}}
# Hard reject if spam action is reject
deny message = Message discarded as high-probability spam
condition = ${if eq{$spam_action}{reject}}
# Tag mesage as spam-report header when spam action is "add header"
warn
condition = ${if eq{$spam_action}{add header}}
add_header = X-Spam-Status: Yes
# add x-spam-status header if message action is "rewrite subject"
warn
condition = ${if eq{$spam_action}{rewrite subject}}
add_header = X-Spam-Status: Yes
.endif
Re: HOW TO: RSPAMD integration
Hi,
question should be changed condition = ${if eq{$acl_m1}{yes}{yes}{no}} from ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} ??
Regards
Ruben
question should be changed condition = ${if eq{$acl_m1}{yes}{yes}{no}} from ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} ??
Regards
Ruben
plutocrat wrote: ↑Wed Apr 15, 2020 8:49 amReplaced original email, as it might have been confusing. OK, so on Ubuntu, there is one key change to the original poster's config. In the check_rcpt section, you set a variable acl_m1 depending on whether a file exists for that domain:Its crucial to note that for Ubuntu, the path is /etc/exim4 rather than /etc/exim which the Centos example used.!Code: Select all
.ifdef RSPAMD warn set acl_m1 = no warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} set acl_m1 = yes .endif
Once you have that set, the conditions for scanning the mail work fine, specifically this one which has now been correctly set:
condition = ${if eq{$acl_m1}{yes}{yes}{no}}
I've been tweaking the exim config. Currently it looks like this:
Code: Select all
.ifdef RSPAMD accept hosts = +relay_from_hosts accept condition = ${if eq{$interface_port}{587}} accept authenticated = * # If message size is less than 500k and the domain has antispam enabled, scan the message with rspamd # This will set variables as follows: $spam_action, $spam_score, $spam_score_int (spam score x10), $spam_report, $spam_bar # So we add these as headers, first removing any existing ones warn condition = ${if < {$message_size}{500K}} condition = ${if eq{$acl_m1}{yes}{yes}{no}} spam = nobody:true remove_header = x-spam-bar : x-spam-score : x-spam-report : x-spam-status add_header = X-Spam-Score: $spam_score_int add_header = X-Spam-Report: $spam_report add_header = X-Spam-Action: $spam_action set acl_m2 = $spam_score_int # add x-spam-bar header if score is positive warn condition = ${if >{$spam_score_int}{0}} add_header = X-Spam-Bar: $spam_bar # use greylisting if action is soft reject defer message = Please try again later condition = ${if eq{$spam_action}{soft reject}} # Hard reject if spam action is reject deny message = Message discarded as high-probability spam condition = ${if eq{$spam_action}{reject}} # Tag mesage as spam-report header when spam action is "add header" warn condition = ${if eq{$spam_action}{add header}} add_header = X-Spam-Status: Yes # add x-spam-status header if message action is "rewrite subject" warn condition = ${if eq{$spam_action}{rewrite subject}} add_header = X-Spam-Status: Yes .endif
Re: HOW TO: RSPAMD integration
I don't understand what you're asking.
The config I posted works. In the first section it uses this condition to look for a file. If the file exists, it sets $acl_m1 to "yes":
${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}}
The second condition checks to see if $acl_m1="yes". If it does, it scans the mail with rspamd
${if eq{$acl_m1}{yes}{yes}{no}}
This was just the way it was set up in the original exim config file for vesta. If you understand what you're doing, then there's no reason (as far as I can see), why you can't remove the first section, and just replace
${if eq{$acl_m1}{yes}{yes}{no}}
with
${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}}
in the second section.
i.e. there doesn't seem to be a need to set the intermediate variable $acl_m1. Is that what you were asking?
Re: HOW TO: RSPAMD integration
I think that in my case something doesn't work as it should!
I am receiving every day the same and the same 4-5 emails from various addresses.
The content and the format of the emails is exactly the same.
I don't think that the rspamd learns from me marking emails as spam and moving them to the spam folder nor from when I train it from the GUI.
It will say for example the item is already learned but here it is, 10 minutes later in my inbox. The same item as 1000 before it!
I am receiving every day the same and the same 4-5 emails from various addresses.
The content and the format of the emails is exactly the same.
I don't think that the rspamd learns from me marking emails as spam and moving them to the spam folder nor from when I train it from the GUI.
It will say for example the item is already learned but here it is, 10 minutes later in my inbox. The same item as 1000 before it!
Re: HOW TO: RSPAMD integration
Hi,
I'm Using CentOS 7 want to integrate rSpamD, I have confusion with some parts of this post.
1. During Instalation Which options Select?
1. Nginx + Apache OR Nginx + php-fpm ?
2. exim + devcot OR exim or No ?
2. Where to write this line?
3. Which Options to Select in this during configuration
4. Where to write this code in Edit /etc/exim/exim.conf bcz its a long file, should write in start or end?
5. Where to add this code for, Add rspamd web interface location to vesta-nginx: /usr/local/vesta/nginx/conf/nginx.conf ?
Please Reply, Because there is no Video Tutorial available on whole internet about rspamd installation and integration with VestaCP.
I'm Using CentOS 7 want to integrate rSpamD, I have confusion with some parts of this post.
1. During Instalation Which options Select?
1. Nginx + Apache OR Nginx + php-fpm ?
2. exim + devcot OR exim or No ?
2. Where to write this line?
Code: Select all
echo 1 > /proc/sys/vm/overcommit_memory
Code: Select all
rspamadm configwizard
Code: Select all
(...)
#SPAMASSASSIN = yes
RSPAMD = yes
SPAM_SCORE = 50
#CLAMD = yes <<< If you use clamava, you may leave it uncommented
(...)
.ifdef RSPAMD
spamd_address = 127.0.0.1 11333 variant=rspamd
.endif
(...)
acl_check_rcpt:
(...)
.ifdef RSPAMD
warn set acl_m1 = no
warn condition = ${if exists {/etc/exim/domains/$domain/antispam}{yes}{no}}
set acl_m1 = yes
.endif
accept
(...)
acl_check_data:
(...)
#RSPAMD https://www.rspamd.com/doc/integration.html
.ifdef RSPAMD
warn !authenticated = *
hosts = !+relay_from_hosts
condition = ${if < {$message_size}{500K}}
condition = ${if eq{$acl_m1}{yes}{yes}{no}}
spam = nobody:true
add_header = X-Spam-Score: $spam_score_int
add_header = X-Spam-Report: $spam_report
set acl_m2 = $spam_score_int
# use greylisting available in rspamd v1.3+
defer message = Please try again later
condition = ${if eq{$spam_action}{soft reject}}
# use for discarding spam email
deny message = Message discarded as high-probability spam (from $sender_address to $recipients)
condition = ${if eq{$spam_action}{reject}}
# Remove foreign headers
warn remove_header = x-spam-bar : x-spam-score : x-spam-report : x-spam-status
# add spam header
warn condition = ${if !eq{$acl_m2}{} {yes}{no}}
condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
add_header = X-Spam-Status: Yes
.endif
(...)
Code: Select all
(...)
location ~ \.php$ {
include /usr/local/vesta/nginx/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/local/vesta/web/$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_pass unix:/var/run/vesta-php.sock;
fastcgi_intercept_errors on;
break;
}
location /rspamd/ {
proxy_pass http://localhost:11334/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
(...)
Re: HOW TO: RSPAMD integration
Hey,
I am fighting with this as well.
I found out rspamd install, on Ubuntu 18.
You can use rspamd website to find your install method.
Also it was told to go with defaults but it depends on your system as well.
I am fighting with this as well.
I found out rspamd install, on Ubuntu 18.
Code: Select all
apt-get install -y lsb-release wget # optional
CODENAME=`lsb_release -c -s`
wget -O- https://rspamd.com/apt-stable/gpg.key | apt-key add -
echo "deb [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" > /etc/apt/sources.list.d/rspamd.list
echo "deb-src [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" >> /etc/apt/sources.list.d/rspamd.list
apt-get update
apt-get --no-install-recommends install rspamd -y
Also it was told to go with defaults but it depends on your system as well.
Re: HOW TO: RSPAMD integration
Ubuntu 18, Redis:
PASTE in the file:
And:
Test: systemctl status redis
Finally:
FOR multi-user env.:
+ change command names!!!
After all this I still have an error:
I wonder how to solve it. I googled for hours.
Code: Select all
apt install redis-server -y
sed -i 's/supervised no/supervised systemd/' /etc/redis/redis.conf
sed -i 's/# maxmemory <bytes>/maxmemory 100mb/' /etc/redis/redis.conf
sed -i 's/# maxmemory-policy noeviction/maxmemory-policy volatile-ttl/' /etc/redis/redis.conf
systemctl restart redis.service
echo 1 > /proc/sys/vm/overcommit_memory
sed -i 's/ReadWriteDirectories=-\/var\/run\/redis/ReadWriteDirectories=-\/run\/redis/' /lib/systemd/system/redis-server.service
sed -i 's/Type=forking/Type=notify/' /lib/systemd/system/redis-server.service
systemctl enable /lib/systemd/system/redis-server.service
sysctl vm.overcommit_memory=1
sed -i 's/# Protects against creating or following links under certain conditions/sysctl vm.overcommit_memory=1/' /etc/sysctl.conf
apt-get install hugepages -y
hugeadm --thp-never
sed -i '$i /usr/bin/hugeadm --thp-never' /etc/rc.local
systemctl edit redis-server
Code: Select all
[Service]
Type=notify
Code: Select all
systemctl daemon-reload
systemctl restart redis.service
systemctl enable rspamd
systemctl enable redis
systemctl start rspamd
systemctl start redis
Finally:
Code: Select all
sed -i 's/ANTISPAM_SYSTEM=\'spamassasin\'/ANTISPAM_SYSTEM=\'rspamd\'/' /etc/redis/redis.conf
service vesta restart
Code: Select all
sed -i 's/# requirepass foobared/requirepass CHANGETHISTOSOMETHINGREALLYLONGTOHAVEASECUREPASSWORD/' /etc/redis/redis.conf
After all this I still have an error:
Code: Select all
Failed to enable unit: Refusing to operate on linked unit file redis.service
Re: HOW TO: RSPAMD integration
As you can see, after doing all hustle you still getting errors. I mean of what use a tool is when u can't give a proper method to use it?
If you visit rspamd website, they have given such a huge long and extremely extremely complex instruction to install that one would just take days in just reading, plus google each step, and when u google u won't even find a single video tutorial on entire internet! Like if it was that much useful there must be a course or video someone have made on it.
It proves 99% people can't even installl it.
If you visit rspamd website, they have given such a huge long and extremely extremely complex instruction to install that one would just take days in just reading, plus google each step, and when u google u won't even find a single video tutorial on entire internet! Like if it was that much useful there must be a course or video someone have made on it.
It proves 99% people can't even installl it.